fighter_81
March 23rd, 2005, 10:18
Hello to all of you, i was attempt to unpack a program packed with arma and after dumping at oep and after the iat fixing i had to beat the nanomites protection and to do this i thought that i can install a Structured Handler Exception to deal with the int3. My first question was where can i install it?
After some thinking i found an answer to my own question and i think that i could install mi seh between the GetThreadContext where it gets the place where int3 occurs and the SetThreadContext where it get the control back to the int3.
What do you think of this method to defeat them?
And my final question is if is better to install a per-thread handler or a final-thread one.
What do you think?
Hope having an answer.
Regards,
FIGHTER_81
After some thinking i found an answer to my own question and i think that i could install mi seh between the GetThreadContext where it gets the place where int3 occurs and the SetThreadContext where it get the control back to the int3.
What do you think of this method to defeat them?
And my final question is if is better to install a per-thread handler or a final-thread one.
What do you think?
Hope having an answer.
Regards,
FIGHTER_81